Route Origin Authorization
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/137/ZQ3detZZ5ii9u5s6quzFZtYnOJA.roa
File: ZQ3detZZ5ii9u5s6quzFZtYnOJA.roa (raw, json)
Hash identifier: 3kX064a86U5SffZWT8/OPLZtyDWJPO7sX2xIlQ0Upro=
Subject key identifier: 65:0D:DD:7A:D6:59:E6:28:BD:BB:9B:3A:AA:EC:C5:66:D6:27:38:90
Certificate issuer: /CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Certificate serial: 546A
Authority key identifier: BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZQ3detZZ5ii9u5s6quzFZtYnOJA.roa
Signing time: Sat 11 May 2024 03:24:25 +0000
ROA not before: Sat 11 May 2024 03:24:25 +0000
ROA not after: Fri 31 Jan 2025 01:13:46 +0000
asID: 24426
IP address blocks: 43.236.0.0/16 maxlen: 16
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 21610 (0x546a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=BDEBED8640CBA6593DA9F9A3DD228D38912458EA
Validity
Not Before: May 11 03:24:25 2024 GMT
Not After : Jan 31 01:13:46 2025 GMT
Subject: CN=650DDD7AD659E628BDBB9B3AAAECC566D6273890
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:8b:d4:4c:18:3a:37:e7:46:47:00:81:e8:8c:
eb:fd:0b:9a:94:a8:2c:2c:0f:33:e1:95:f5:99:1c:
5c:80:9d:de:1d:0b:fc:bd:21:89:34:55:b4:fc:d1:
fd:ef:7c:8b:0a:66:95:02:c9:8f:d0:0a:1c:9b:8c:
7f:58:91:70:b4:0c:aa:20:9b:7c:32:51:e1:ea:26:
a5:3f:ed:b2:03:59:6a:1b:4c:55:0e:44:31:33:44:
eb:ea:f5:a7:01:e7:55:c2:1a:aa:d0:e4:4d:d4:91:
0e:0f:9e:e0:2e:7d:a6:87:c7:d9:53:99:dd:dd:c7:
18:fb:23:16:1a:46:83:cb:27:d2:01:17:91:33:eb:
ff:1b:25:0f:6f:18:8f:58:83:34:f4:6d:a7:b4:bc:
79:5a:bb:e0:de:7e:5c:f6:7c:e9:3e:ba:c3:e5:fb:
5f:73:65:d4:39:af:ee:10:80:74:03:e1:f0:32:ac:
f8:8e:1e:50:de:6b:78:0b:80:3e:98:c6:33:dc:7a:
ca:a3:36:59:a0:a7:40:52:74:8d:93:da:ed:bc:f8:
a3:04:1e:28:ca:39:a8:ee:72:1c:4e:ff:9a:e9:85:
3e:03:03:4d:00:6d:cb:23:e1:2e:57:e5:96:0c:44:
a4:0f:6b:cf:d7:7c:cd:eb:06:d2:1d:d2:52:85:06:
05:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:0D:DD:7A:D6:59:E6:28:BD:BB:9B:3A:AA:EC:C5:66:D6:27:38:90
X509v3 Authority Key Identifier:
keyid:BD:EB:ED:86:40:CB:A6:59:3D:A9:F9:A3:DD:22:8D:38:91:24:58:EA
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/vevthkDLplk9qfmj3SKNOJEkWOo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/vevthkDLplk9qfmj3SKNOJEkWOo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/137/ZQ3detZZ5ii9u5s6quzFZtYnOJA.roa
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-ipAddrBlock: critical
IPv4:
43.236.0.0/16
Signature Algorithm: sha256WithRSAEncryption
2a:1a:38:b2:24:18:37:a2:6b:3f:3d:8f:dc:a5:38:f4:7e:a7:
50:4f:46:12:75:7c:f3:7d:bc:44:3d:7d:14:b9:cc:a1:74:8e:
a6:d5:f5:c9:6c:c5:5c:fb:47:a5:a3:03:16:72:bf:90:44:37:
c8:88:4e:16:a7:da:79:e4:4b:15:8c:03:d8:18:15:44:40:8c:
1b:4d:3b:63:e1:6a:f3:b3:94:17:4a:6d:df:fb:f4:cb:66:b1:
8e:a5:5b:59:3b:c7:19:d7:33:a2:bb:05:43:ae:e2:cb:d6:7a:
b5:d8:ed:31:69:87:95:c8:b2:d7:13:a7:f0:87:3a:a8:7f:89:
fb:95:57:f0:c0:a0:de:9f:a5:b4:96:bb:63:39:0b:f0:c9:55:
db:0d:8c:8e:1c:4d:de:99:00:20:6c:bf:9f:7b:dc:26:c5:b9:
f1:27:82:3e:3b:2d:bc:02:b4:38:3d:f3:4a:a1:a0:fe:36:44:
c3:76:f8:25:00:d4:b0:7c:94:35:10:83:24:79:06:14:3e:c7:
9c:5e:4c:67:38:17:12:b7:17:a1:70:81:3f:90:fb:08:a6:48:
14:70:fa:72:83:d3:90:af:51:db:2d:04:d0:f4:62:38:ad:dd:
43:a9:47:01:71:24:ef:cf:f6:aa:f9:da:29:94:43:fa:29:13:
d5:4d:6d:bc
-----BEGIN CERTIFICATE-----
MIIE1DCCA7ygAwIBAgICVGowDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoQkRF
QkVEODY0MENCQTY1OTNEQTlGOUEzREQyMjhEMzg5MTI0NThFQTAeFw0yNDA1MTEw
MzI0MjVaFw0yNTAxMzEwMTEzNDZaMDMxMTAvBgNVBAMTKDY1MERERDdBRDY1OUU2
MjhCREJCOUIzQUFBRUNDNTY2RDYyNzM4OTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDLi9RMGDo350ZHAIHojOv9C5qUqCwsDzPhlfWZHFyAnd4dC/y9
IYk0VbT80f3vfIsKZpUCyY/QChybjH9YkXC0DKogm3wyUeHqJqU/7bIDWWobTFUO
RDEzROvq9acB51XCGqrQ5E3UkQ4PnuAufaaHx9lTmd3dxxj7IxYaRoPLJ9IBF5Ez
6/8bJQ9vGI9YgzT0bae0vHlau+Deflz2fOk+usPl+19zZdQ5r+4QgHQD4fAyrPiO
HlDea3gLgD6YxjPcesqjNlmgp0BSdI2T2u28+KMEHijKOajuchxO/5rphT4DA00A
bcsj4S5X5ZYMRKQPa8/XfM3rBtId0lKFBgVBAgMBAAGjggHwMIIB7DAdBgNVHQ4E
FgQUZQ3detZZ5ii9u5s6quzFZtYnOJAwHwYDVR0jBBgwFoAUvevthkDLplk9qfmj
3SKNOJEkWOowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
L3ZldnRoa0RMcGxrOXFmbWozU0tOT0pFa1dPby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvdmV2dGhrRExwbGs5cWZtajNTS05PSkVrV09vLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3L1pRM2RldFpaNWlpOXU1
czZxdXpGWnRZbk9KQS5yb2EwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgABMAUD
AwAr7DANBgkqhkiG9w0BAQsFAAOCAQEAKho4siQYN6JrPz2P3KU49H6nUE9GEnV8
8328RD19FLnMoXSOptX1yWzFXPtHpaMDFnK/kEQ3yIhOFqfaeeRLFYwD2BgVRECM
G007Y+Fq87OUF0pt3/v0y2axjqVbWTvHGdczorsFQ67iy9Z6tdjtMWmHlciy1xOn
8Ic6qH+J+5VX8MCg3p+ltJa7YzkL8MlV2w2MjhxN3pkAIGy/n3vcJsW58SeCPjst
vAK0OD3zSqGg/jZEw3b4JQDUsHyUNRCDJHkGFD7HnF5MZzgXErcXoXCBP5D7CKZI
FHD6coPTkK9R2y0E0PRiOK3dQ6lHAXEk78/2qvnaKZRD+ikT1U1tvA==
-----END CERTIFICATE-----
Generated at Sun Jun 22 01:13:37 2025 by rpki-client